graphviz: Proper harden some binaries

Use some additional compiler flags, to proper
harden them.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/graphviz/graphviz.nm b/graphviz/graphviz.nm
index 625c554b25430634be69834ed3ac71d90ce8c814..c5147c5f59a327b6a57835906e64f6bd6943c735 100644 (file)
--- a/graphviz/graphviz.nm
+++ b/graphviz/graphviz.nm
@@ -5,7 +5,7 @@
 
 name       = graphviz
 version    = 7.0.4
-release    = 1
+release    = 2
 
 groups     = Development/Tools
 url        = https://gitlab.com/graphviz/graphviz
@@ -42,6 +42,32 @@ build
                ./autogen.sh
        end
 
+       configure_options += \
+               --enable-debug
+
+       configure_cmds
+               # Add some additional C compiler flags to proper harden liblab_gamut.
+               sed -i '/^CFLAGS =/ s/$/ -fno-builtin-exit -D__noreturn__=/' \
+                       lib/edgepaint/Makefile
+
+               # Add some additional C and C++ compiler flags to proper harden
+               # the "dot" binaries.
+               sed -i '/^CFLAGS =/ s/$/ -fno-builtin-exit -D__noreturn__=/' \
+                       cmd/dot/Makefile
+               sed -i '/^CXXFLAGS =/ s/$/ -fno-builtin-exit -D__noreturn__=/' \
+                       cmd/dot/Makefile
+
+               # Add some additional C compiler flags to proper harden the
+               # "gvpr" binaries.
+               sed -i '/^CFLAGS =/ s/$/ -fno-builtin-exit -D__noreturn__=/' \
+                       cmd/gvpr/Makefile
+
+               # Add some additional C compiler flags to proper harden the
+               # tools.
+               sed -i '/^CFLAGS =/ s/$/ -fno-builtin-exit -D__noreturn__=/' \
+                       cmd/tools/Makefile
+       end
+
        test
                make check
        end